CVE-2024-49359 – ZimaOS CasaOS Directory Traversal Vulnerability

October 24, 2024
11:16 pm

CVE ID : CVE-2024-49359

Published : Oct. 24, 2024, 10:15 p.m. | 1 hour, 1 minute ago

Description : ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http:///v2_1/file` in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on the server. By manipulating the path parameter, attackers can access sensitive system directories such as `/etc`, potentially exposing critical configuration files and increasing the risk of further attacks. As of time of publication, no known patched versions are available.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-49359 – ZimaOS CasaOS Directory Traversal Vulnerability

Elvescore.io

Recent Posts

CVE-2025-2343 – IROAD Dash Cam X5 and X6 – Critical Hard-Coded Credentials Vulnerability in Device Pairing

CVE-2025-2344 – IROAD Dash Cam X5 and Dash Cam X6 API Endpoint Missing Authentication Vulnerability

CVE-2025-2341 – IROAD Dash Cam X5 Default Credentials Local Network Vulnerability

CVE-2025-2342 – “IROAD X5 Mobile App Hard-Coded Credentials Vulnerability”

CVE-2025-2338 – Apache Tbeu Heap-Based Buffer Overflow Vulnerability

CVE-2025-2339 – “otale Tale Blog Remote Authentication Bypass”

CVE-2024-49359 – ZimaOS CasaOS Directory Traversal Vulnerability

CVE-2024-49359 – ZimaOS CasaOS Directory Traversal Vulnerability